CVE-2024-6592

Published: Sep 25, 2024Modified: Oct 15, 2025

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows and the WatchGuard Single Sign-On Client on Windows and MacOS allows Authentication Bypass.This issue affects the Authentication Gateway: through 12.10.2; Windows Single Sign-On Client: through 12.7; MacOS Single Sign-On Client: through 12.5.4.

Affected (3)

Products: Watchguard: Authentication Gateway, Single Sign On Client

2 products

Authentication Gateway

Single Sign On Client

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Watchguard Authentication Gateway	Up to 12.10.2
Watchguard Single Sign On Client	Up to 12.5.4
Watchguard Single Sign On Client	Up to 12.7

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014

Source: 5d1c2695-1a31-4499-88ae-e847036fd7e3

MitigationVendor Advisory

Timeline

No history available yet.